Transcription

2 Learning Objectives 2 To understand the concept of Business Continuity Management To understand the key phases and components of a Business Continuity Plan To understand the key aspects of Business Continuity Plan implementation To learn about Back-up and Disaster Recovery Planning To learn how to audit a Business Continuity Plan

4 Overview of BCP/DRP Business Continuity Planning A Business Continuity Plan (BCP) is a statement of the actions to be taken, the resources to be used, the procedures to be followed before, during and after a disaster that has rendered a business function to be totally or partially unavailable. BCP is a business plan, wherein the goal is to minimise the loss to the enterprise in case of a disaster The BCP document reflects an organization's ability to maintain the continuity of critical operations across the business enterprise

5 Disaster Recovery Procedures DRP covers the immediate and temporary restoration of computing and network operations after a natural or man made disaster within defined timeframes DRP is the technological aspect of BCP DRP is a crucial component of enterprise risk management and business continuity planning. It is essential for ensuring continuity of operations Disaster recovery is the science of mitigating the impact of disasters, no matter what causes them

6 Need for BCP/DRP IT systems are expanding in complexity As well as in terms of throughput (transactions per second) And in terms of critical information that must be properly and securely handled and stored from start to finish. Real damage to a business can occur if the threat of catastrophic disruption is not recognized and not handled properly.

7 What is BCP and what a BCP does What is BCP An integrated set of procedures and resource information that is used to recover from a disaster that has caused a disruption to business operations. BCP is an ongoing process.. not a project. What a BCP does Upon the declaration of a disaster, it activates pre-approved policies and authorities. Restores the outflow of services with least possible cost to the organization

8 What is a Disaster? A sudden, unplanned calamitous event that interrupts an enterprise s ability to function. Disruption of Business operations that stops the organization from providing its critical & essential services caused by the absence of critical resources Facilities, Communications, Power, Access to Information or People

11 Impact of Disasters Financial health Loss of revenue/cash flow, Large extraordinary expenses Service levels/ Customer Attitude Increased Competition, Key Differentiator is the Service Levels, Lost Customers don t return Human resources Fewer key people due to downsizing, Profound impact of loss of productive services Increasing use/dependence on Technology Liabilities for not providing services Next to impossible to operate in manual mode, More info & faster, LAN & WAN cannot be down Penalties, Management responsibility if DR is not adequately planned

12 Management Perception of BCP The BCP should Installed quickly Minimize the cost and disruption to the organization Be a quality, workable plan Implemented by Quality leadership Train and provide awareness to staff Be current and updated

14 4.9 BCM - Strategy Process 14 Establish procedures for backing up files and applications Establish contracts and agreements, if the contingency strategy calls for them Existing service contracts may need to be renegotiated to add contingency services Purchase equipment, especially to support a redundant capability

15 4.9 BCM - Strategy Process 15 Some activities have been defined as non-critical, are also included in the BCPs as they assist in allowing the critical activities to operate in a more efficient and effective manner. Enterprise may adopt any strategy but it should take into account the implementation of Measures to reduce the likelihood of incidents Measures to reduce the potential impact of those incidents Resilience and mitigation measures for both critical and non critical activities.

16 BCM Development and Implementation Process For an effective response and recovery from disruptions enterprise should have An exclusive organization structure An Incident Management Team In the event of any incident, there should be a structure to Confirm impact of incident (nature and extent) Control the situation Contain the incident Communicate with stakeholders, and Coordinate appropriate response.

17 The Incident Management Plan 17 Manage the initial phase of an incident Top management support with appropriate budget Flexible, feasible and relevant Easy to read and understand Provide the basis for managing all possible issues

20 BCM Testing 20 BCP testing program should include testing of Technical, logistical, administrative, procedural and other operational systems BCM arrangements and infrastructure (including roles, responsibilities, and any incident management locations and work areas, etc). Technology and telecommunications recovery, including the availability and relocation of staff.

21 BCM Testing 21 Practicing the enterprise s ability to recover from an incident Verifying that the BCP incorporates all enterprise critical activities and their dependencies and priorities Highlighting assumptions, which need to be questioned Instilling confidence amongst exercise participants

22 BCM Testing 22 Raising awareness of business continuity throughout the enterprise by publicizing the exercise Validating the effectiveness and timeliness of restoration of critical activities Demonstrating competence of the primary response teams and their alternatives.

23 Objectives of performing BCP tests 23 To ensure recovery procedures are complete and workable To evaluate competence of personnel in their performance of recovery procedures To ensure business processes, systems, personnel, facilities and data are obtainable and operational to perform recovery

24 Objectives of performing BCP tests 24 To ensure that the manual recovery procedures and IT backup system/s are current and can either be operational or restored To ensure that the success or failure of the business continuity training program is monitored

28 BCM Maintenance 28 BCM maintenance process demonstrates: Documented evidence of proactive management and governance of enterprise s BCP. Key people who are to implement the BCM strategy and plans are trained and competent. Monitoring and control of the BCM risks faced by the enterprise. Evidence that material changes to the enterprise s structure, products and services, activities, purpose, staff and objectives have been incorporated into the enterprise s BCPs and IMPs.

29 Maintenance tasks in BCP 29 Determine the ownership and responsibility for maintaining the various BCP strategies Identify the BCP maintenance triggers to ensure that any organizational, operational and structural changes are communicated Determine the maintenance regime to ensure the plan remains up-to-date

30 Maintenance tasks in BCP 30 Determine the maintenance processes to update the plan Implement version control procedures to ensure that the plan is maintained up-to-date

31 Reviewing BCM Arrangements 31 Verify that All key products and services and their supporting critical activities and resources have been identified and included. The enterprise s BCM policy, strategies, framework and plans accurately reflect its priorities and requirements. The enterprise BCM competence and capability are effective & fit-for-purpose, and will permit management, command, control and coordinate an incident. The enterprise s BCM solutions are effective, up-to-date and fit-for-purpose, and appropriate to the level of risk faced by the enterprise.

32 Reviewing BCM Arrangements 32 Verify that The enterprise s BCM maintenance and exercising programs have been effectively implemented BCM strategies and plans incorporate improvements identified during incidents and exercises and in the maintenance program The enterprise has an ongoing program for BCM training and awareness BCM procedures have been effectively communicated to relevant staff, who understand their roles and responsibilities Change control processes are in place and operate effectively

33 4.12 BCM Training Process 33 Training is used as a tool to initiate a culture of BCM in all the stakeholders by Developing a BCM program more efficiently Providing confidence in its stakeholders (especially staff and customers) in its ability to handle business disruptions Increasing its resiliency over time by ensuring BCM implications are considered in decisions at all levels Minimizing the likelihood and impact of disruptions.

35 35 Training, Awareness and Competency Actively listens to others, their ideas, views and opinions Provides support in difficult or challenging circumstances Responds constructively to difficult circumstances Adapts leadership style appropriately to match the circumstances Promotes a positive culture of health, safety and the environment Recognizes and acknowledges the contribution of colleagues

36 36 Training, Awareness and Competency Encourages the taking of calculated risks Encourages and actively responds to new ideas Consults and involves team members to resolve problems Demonstrates personal integrity Challenges established ways of doing things to identify improvement opportunities

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic

whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and

Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

Aon Business Continuity Planning The Aon Business Continuity Planning practice provides consulting services that allow Aon clients to measure and manage their strategic and tactical risks through Crisis

External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity

NAVIGATING THROUGH A CATASTROPHIC DISASTER: The five most common mistakes in business continuity planning As we continue to send our thoughts and prayers to the Japanese people, many of us are also reflecting

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

Disaster Recovery Planning This is a brief guide, with a suggested table of contents, to help you get started with putting together your Disaster Recovery Plan (DRP) Pensar can assist you in completing

Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;

What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures

Circular No. 033/B/2009-DSB/AMCM (Date: 14/8/2009) Guideline on Business Continuity Management The Monetary Authority of Macao (AMCM), under the powers conferred by Article 9 of the Charter approved by

Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY 27 2015 AGENDA: Emergency Management Business Continuity Planning Q & A MONTH DAY, YEAR TITLE OF THE PRESENTATION 2 CANADIAN RED CROSS Disaster

Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

Enterprise South Liverpool Academy Emergency and Crisis Management The sponsors mission is that the Enterprise South Liverpool Academy (ESLA) equips all members of its learning community with the values,

Effectiveness of BCM through Exercising By Wan Asriah Wan Adnan Head Business Continuity & Disaster Recovery Bursa Malaysia Berhad wan_asriah@bursamalaysia.com 31 October 2007 Bursa Malaysia and its Group

Disaster Recovery Planning Presented by Micky Hogue, CRM Sandia National Laboratories Albuquerque, New Mexico Mlhogue@sandia.gov 1 2 3 If that happened to your business... Would your business be able to

How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER

Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is

Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an organisation. ESKITP6036 1 Performance criteria You

Prepared by Rod Davis, ABCP, MCSA November, 2011 Disaster an event, which causes the loss of an essential service, or part of it, for a length of time which imperils mission achievement. (Andrew Hiles,

How to write a DISASTER RECOVERY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY? CHAPTER PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN

Statement of Guidance Business Continuity Management All Licensees 1. Statement of Objectives 1.1. To enhance the resilience of the financial sector and to minimise the potential impact of a major operational

B Business continuity management and planning This document is part of the UCISA Information Security Toolkit providing guidance on the policies and processes needed to implement an organisational information

Disaster Recovery Review FREE Promotional Offer Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009! This review is designed to help the small business better

Preface Computer systems are the core tool of today s business and are vital to every business from the smallest to giant organizations. Money transactions, customer service are just simple examples. Despite

Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

AUDITING A BCP PLAN Thomas Bronack Auditing a BCP Plan presentation Page: 1 What are the Objectives of a Good BCP Plan Protect employees Restore critical business processes or functions to minimize the

BUSINESS CONTINUITY PLANNING GUIDELINES Washington University in St. Louis The purpose of this guide is to serve as a tool to all departments, divisions, and labs across the University in building a Business